package com.shujia;

import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.sql.*;
import java.util.Properties;

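public class Code5PrepareStatement {
    /**
     * Shared connection opened by the static initializer from
     * {@code source/jdbc.properties}. Stays {@code null} when the properties
     * file cannot be read, the driver class is missing, or the connection
     * attempt fails; each of those failures is printed to stderr.
     */
    static Connection connection;

    static {
        Properties properties = new Properties();
        // try-with-resources: the reader used to be left open.
        // Read the file as UTF-8 explicitly instead of the platform default charset.
        try (InputStreamReader reader = new InputStreamReader(
                new FileInputStream("source/jdbc.properties"), StandardCharsets.UTF_8)) {
            properties.load(reader);
        } catch (IOException e) {
            e.printStackTrace();
        }

        // Legacy driver registration (JDBC 4+ drivers self-register). Skip it when the
        // "driver" key is absent so Class.forName(null) cannot throw a NullPointerException.
        String driver = properties.getProperty("driver");
        if (driver != null) {
            try {
                Class.forName(driver);
            } catch (ClassNotFoundException e) {
                e.printStackTrace();
            }
        }

        try {
            connection = DriverManager.getConnection(
                    properties.getProperty("url"),
                    properties.getProperty("user"),
                    properties.getProperty("password")
            );
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Runs a parameterised login lookup and prints whether a row matched.
     *
     * <p>The user name and password are bound through {@code ?} placeholders, so the
     * database receives them as typed values, never as SQL text. The second value is a
     * string that would alter a concatenated query; bound as a parameter it is simply
     * compared literally against the stored hash.
     *
     * @param args unused
     * @throws IllegalStateException when the static initializer failed to open a connection
     * @throws SQLException          if preparing or executing the query fails
     */
    public static void main(String[] args) throws SQLException {
        // Fail with a clear message instead of a NullPointerException on prepareStatement().
        if (connection == null) {
            throw new IllegalStateException(
                    "no database connection: check source/jdbc.properties and the stack trace above");
        }

        // NOTE(review): md5() is not an acceptable password hash (fast, unsalted). The
        // query is kept as the demo's schema expects it; a production login should verify
        // a bcrypt/scrypt/argon2 hash in application code rather than hashing in SQL.
        String sql = "SELECT id FROM login WHERE user= ? AND passwd=md5(?)";

        // Connection and statement are closed on every path, including when executeQuery()
        // throws; the original only closed them after a successful query.
        try (Connection conn = connection;
             PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
            preparedStatement.setString(1, "wanglaowu");
            // Bound as data: the quote and OR inside the string cannot change the query.
            preparedStatement.setString(2, "34567')OR('1'='1");

            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                if (resultSet.next()) {
                    System.out.println("登录成功...");
                } else {
                    System.out.println("登录失败....");
                }
            }
        }
    }
}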
